Skip to content

Commit

Permalink
support usec and umount control
Browse files Browse the repository at this point in the history
  • Loading branch information
xyr218 committed Oct 31, 2024
1 parent dafc813 commit f81956d
Show file tree
Hide file tree
Showing 13 changed files with 2,969 additions and 3 deletions.
4 changes: 4 additions & 0 deletions debian/Makefile.devel
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ ifeq ($(NAME),mls)
NTYPE = mls
endif

ifeq ($(NAME),usec)
NTYPE = usec
endif

TYPE ?= $(NTYPE)

HEADERDIR := $(SHAREDIR)/devel/include
Expand Down
74 changes: 74 additions & 0 deletions debian/build.conf.usec
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
########################################
#
# Policy build options
#

# Policy version
# By default, checkpolicy will create the highest
# version policy it supports. Setting this will
# override the version. This only has an
# effect for monolithic policies.
#OUTPUT_POLICY = 21

# Policy Type
# standard, mls, mcs
TYPE = mcs

# Policy Name
# If set, this will be used as the policy
# name. Otherwise the policy type will be
# used for the name.
NAME = usec

# Distribution
# Some distributions have portions of policy
# for programs or configurations specific to the
# distribution. Setting this will enable options
# for the distribution.
# redhat, gentoo, debian, suse, and rhel4 are current options.
# Fedora users should enable redhat.
DISTRO = debian

# Unknown Permissions Handling
# The behavior for handling permissions defined in the
# kernel but missing from the policy. The permissions
# can either be allowed, denied, or the policy loading
# can be rejected.
# allow, deny, and reject are current options.
UNK_PERMS = deny

# Direct admin init
# Setting this will allow sysadm to directly
# run init scripts, instead of requring run_init.
# This is a build option, as role transitions do
# not work in conditional policy.
DIRECT_INITRC = y

# Build monolithic policy. Putting n here
# will build a loadable module policy.
MONOLITHIC = n

# User-based access control (UBAC)
# Enable UBAC for role separations.
UBAC = y

# Number of MLS Sensitivities
# The sensitivities will be s0 to s(MLS_SENS-1).
# Dominance will be in increasing numerical order
# with s0 being lowest.
MLS_SENS = 16

# Number of MLS Categories
# The categories will be c0 to c(MLS_CATS-1).
MLS_CATS = 1024

# Number of MCS Categories
# The categories will be c0 to c(MLS_CATS-1).
MCS_CATS = 1024

# Set this to y to only display status messages
# during build.
QUIET = n

# arch-tag: ec64afa6-f6f8-4b08-b002-6025ada3a269

7 changes: 7 additions & 0 deletions debian/changelog
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
refpolicy (2:2.20240723-2deepin3) unstable; urgency=medium

* change to support umount control.

-- xiongyingrong <xiongyingrong@uniontech.com> Thu, 31 Oct 2024 15:37:26 +0800


refpolicy (2:2.20240723-2deepin2) unstable; urgency=medium

* usec support process unkill boolean
Expand Down
14 changes: 14 additions & 0 deletions debian/control
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,20 @@ Description: MLS (Multi Level Security) variant of the SELinux policy
probably never be well supported in Debian and is only recommended for
students who want to learn about the security features used by the military.

Package: selinux-policy-usec
Architecture: all
Depends: libselinux1 (>= 3.5),
libsemanage2 (>= 3.5),
libsepol2 (>= 3.5),
policycoreutils (>= 3.5-2),
selinux-utils (>= 3.5),
${misc:Depends}
Recommends: checkpolicy, setools
Suggests: logcheck, syslog-summary
Breaks: selinux-basics (<< 0.5.2~)
Conflicts: mcstrans
Description: usec

Package: selinux-policy-src
Architecture: all
Depends: checkpolicy (>= 3.5),
Expand Down
Loading

0 comments on commit f81956d

Please sign in to comment.